Sarbanes-Oxley: Seven steps to CYA

Article

Sarbanes-Oxley: Seven steps to CYA

Linda Tucci, Senior News Writer
Companies are breathing a sigh of relief after a year of scrambling and spending for SOX compliance.

Next year, however, is not expected to be a piece of cake. Compliance spending is expected to go up this year and next as SMBs and foreign registrants enter the fray. Experts advise companies see SOX as a business process, not a series of tactical problems. Here are seven ways to survive year two of compliance.

  1. Foundation: SOX is a process, not a project. Build compliances requirements into the foundation of how you run your business.
  2. SOX Office: Establish a SOX office staffed by people involved in year 1 compliance and fresh recruits, including, if necessary, new hires with specific skills.
  3. Dashboards: Sustain SOX compliance by making it front and center for your company through the use of portals, dashboards and/or scorecards. Expect to spend between $50,000 to $250,000
  4. Automate: Automate rather than replace. Don't toss out what you did last year. Experts estimate that automation technology can save upwards of 25% of SOX costs.
  5. Embed: Embed testing of internal controls in business processes or use a LAN that sits outside business processes to verify controls.
  6. Testing: Test all transactions, not just samples on a continuous basis.
  7. Monitor: Monitor controls that were put in place late last year to meet the deadline and

    Requires Free Membership to View

    Download CIODecisions Ezine FREE with your registration.

    Get essential editorial insights that senior IT executives need to run IT operations effectively and efficiently. Check out past issues then register to get the latest issue.

    Get Enterprise CIO Decisions Now!

    By submitting your registration information to SearchCIO.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchCIO.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

  1. make sure they continue to mature.

Sources: AMR Research; Pricewaterhouse Cooper; ACL Services Ltd., Iron Mountain Inc.